<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>sctpscan Package Description</h2>
<p style="text-align: justify;">SCTPscan is a tool to scan SCTP enabled machines. Typically, these are Telecom oriented machines carrying SS7 and SIGTRAN over IP. Using SCTPscan, you can find entry points to Telecom networks. This is especially useful when doing pentests on Telecom Core Network infrastructures. SCTP is also used in high-performance networks (internet2).</p>
<p>Source: http://www.p1sec.com/corp/research/tools/sctpscan/<br>
<a href="http://www.p1sec.com/corp/research/tools/sctpscan/" variation="deepblue" target="blank">sctpscan Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/sctpscan.git;a=summary" variation="deepblue" target="blank">Kali sctpscan Repo</a></p>
<ul>
<li>Author: Philippe Langlois</li>
<li>License: EGPLv2</li>
</ul>
<h3>Tools included in the sctpscan package</h3>
<h5>sctpscan – SCTP network scanner for discovery and security</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="b6c4d9d9c2f6ddd7dadf">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# sctpscan<br>
SCTPscan - Copyright (C) 2002 - 2009 Philippe Langlois.<br>
SCTPscan comes with ABSOLUTELY NO WARRANTY; for details read the LICENSE or COPYING file.<br>
Usage:  sctpscan [options]<br>
Options:<br>
  -p, --port &lt;port&gt;           (default: 10000)<br>
      port specifies the remote port number<br>
  -P, --loc_port &lt;port&gt;           (default: 10000)<br>
      port specifies the local port number<br>
  -l, --loc_host &lt;loc_host&gt;   (default: 127.0.0.1)<br>
      loc_host specifies the local (bind) host for the SCTP<br>
      stream with optional local port number<br>
  -r, --rem_host &lt;rem_host&gt;   (default: 127.0.0.2)<br>
      rem_host specifies the remote (sendto) address for the SCTP<br>
      stream with optional remote port number<br>
  -s  --scan -r aaa[.bbb[.ccc]]<br>
      scan all machines within network<br>
  -m  --map<br>
      map all SCTP ports from 0 to 65535 (portscan)<br>
  -F  --Frequent<br>
      Portscans the frequently used SCTP ports<br>
      Frequent SCTP ports: 1, 7, 9, 20, 21, 22, 80, 100, 128, 179, 260, 250, 443, 1167, 1812, 2097, 2000, 2001, 2010, 2011, 2020, 2021, 2100, 2110, 2120, 2225, 2427, 2477, 2577, 2904, 2905, 2906, 2907, 2908, 2909, 2944, 2945, 3000, 3097, 3565, 3740, 3863, 3864, 3868, 4000, 4739, 4740, 5000, 5001, 5060, 5061, 5090, 5091, 5672, 5675, 6000, 6100, 6110, 6120, 6130, 6140, 6150, 6160, 6170, 6180, 6190, 6529, 6700, 6701, 6702, 6789, 6790, 7000, 7001, 7102, 7103, 7105, 7551, 7626, 7701, 7800, 8000, 8001, 8471, 8787, 9006, 9084, 9899, 9911, 9900, 9901, 9902, 10000, 10001, 11146, 11997, 11998, 11999, 12205, 12235, 13000, 13001, 14000, 14001, 20049, 29118, 29168, 30000, 32905, 32931, 32768<br>
  -a  --autoportscan<br>
      Portscans automatically any host with SCTP aware TCP/IP stack<br>
  -i  --linein<br>
      Receive IP to scan from stdin<br>
  -f  --fuzz<br>
      Fuzz test all the remote protocol stack<br>
  -B  --bothpackets<br>
      Send packets with INIT chunk for one, and SHUTDOWN_ACK for the other<br>
  -b  --both_checksum<br>
      Send both checksum: new crc32 and old legacy-driven adler32<br>
  -C  --crc32<br>
      Calculate checksums with the new crc32<br>
  -A  --adler32<br>
      Calculate checksums with the old adler32<br>
  -Z  --zombie<br>
      Does not collaborate to the SCTP Collaboration platform. No reporting.<br>
  -d  --dummyserver<br>
      Starts a dummy SCTP server on port 10000. You can then try to scan it from another machine.<br>
  -E  --exec &lt;script_name&gt;<br>
      Executes &lt;script_name&gt; each time an open SCTP port is found.<br>
      Execution arguments: &lt;script_name&gt; host_ip sctp_port<br>
  -t  --tcpbridge &lt;listen TCP port&gt;<br>
      Bridges all connection from &lt;listen TCP port&gt; to remote designated SCTP port.<br>
  -S  --streams &lt;number of streams&gt;<br>
      Tries to establish SCTP association with the specified &lt;number of streams&gt; to remote designated SCTP destination.<br>
<br>
Scan port 9999 on 192.168.1.24<br>
./sctpscan -l 192.168.1.2 -r 192.168.1.24 -p 9999<br>
<br>
Scans for availability of SCTP on 172.17.8.* and portscan any host with SCTP stack<br>
./sctpscan -s -l 172.22.1.96 -r 172.17.8<br>
<br>
Scans frequently used ports on 172.17.8.*<br>
./sctpscan -s -F -l 172.22.1.96 -r 172.17.8<br>
<br>
Scans all class-B network for frequent port<br>
./sctpscan -s -F -r 172.22 -l `ifconfig eth0 | grep 'inet addr:' |  cut -d: -f2 | cut -d ' ' -f 1 `<br>
<br>
Simple verification end to end on the local machine:<br>
./sctpscan -d &amp;<br>
./sctpscan -s -l 192.168.1.24 -r 192.168.1 -p 10000<br>
<br>
This tool does NOT work behind most NAT.<br>
That means that most of the routers / firewall don't know how to NAT SCTP packets.<br>
You _need_ to use this tool from a computer having a public IP address (i.e. non-RFC1918)</code>
<h3>sctpscan Usage Example</h3>
<p>Scan <b><i>(-s)</i></b> for frequently used ports <b><i>(-F)</i></b> on the remote network <b><i>(-r 192.168.1.*)</i></b>:</p>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="7c0e1313083c171d1015">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# sctpscan -s -F -r 192.168.1.*<br>
SCTPscan - Copyright (C) 2002 - 2009 Philippe Langlois.<br>
Netscanning with Crc32 checksumed packet<br>
Portscanning Frequent Ports on 192.168.1.*.</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
